- can't expose your other JS so use VM2- but VM2 will probably leak and doesn't protect against while(true) so run in a container- but then you read containers can't be trusted! Kernel exploits galore! For real security use full virtualization- But KVM might have bugs too! The real way to go is bare metal.- You're gonna airgap that, right?

@deejoe on the nodejs side the situation is kind of crazy. It's amazing there aren't more hostile modules out there. They could do so much damage so easily, and npm is the perfect thing to spread them.